CVE-2005-1087

critical

Description

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20031

http://www.security.org.sg/vuln/anhttpd142n.html

http://www.osvdb.org/15362

http://securitytracker.com/id?1013666

http://secunia.com/advisories/14861

Details

Source: Mitre, NVD

Published: 2005-04-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.04248